Vulmon Recent Vulnerabilities Trends About Contact

Recent vulnerabilities and exploits

3.3
CVSSv2
CVE-2019-5108
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to...
LinuxLinux Kernel
NA
CVE-2020-13890
The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard....
NA
CVE-2020-13889
showAlert() in the administration panel in Bludit 3.12.0 allows XSS....
NA
CVE-2020-13881
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used....
NA
CVE-2020-13883
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle....
NA
CVE-2020-13871
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late....
7.5
CVSSv2
CVE-2018-17246
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing...
ElasticsearchKibanaRedhatOpenshift Container Platform
4.6
CVSSv2
CVE-2020-1712
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate...
FreedesktopSystemdRedhatCeph StorageDiscoveryMigration ToolkitOpenshift Container PlatformEnterprise Linux
4.3
CVSSv2
CVE-2016-1252
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a...
DebianAdvanced Package ToolApt
6
CVSSv2
CVE-2016-0634
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine....
GnuBash
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
local file inclusionfoxitsoftwareCVE-2020-13379validationphantompdfCVE-2018-21242CVE-2020-9484unprivilegedCVE-2019-20833CVE-2020-11697CVE-2020-11679